GDPR is a new law that came into effect in late May that affected every tech company that does business in Europe. This law was created in response to Facebooks recent Cambridge Analytic blunder where a great portion of Facebook’s users’ data was sold to marketers. This new law prevents stuff like the Facebook attack from happening with new terms & conditions, in which, companies are forced to tell users where and how their data is being used. This doesn’t entirely mean that tech companies can’t use your data, but the users have to agree if they want their data sold off. It’s a revolutionary law that focuses on internet users privacy throughout the world. This is a Farcry from the United States recent passing of the net neutrality laws which is literally the opposite of GDPR. It doesn’t take a genius to realize how different the U.S.A’s internet culture is from the European Unions. It also doesn’t take much thinking to apprehend how many times U.S companies violated “internet privacy.” Some companies in the U.S is built on the backbone of exploiting people and putting themselves first like healthcare, insurance, and institutions.
The reason GDPR can be so problematic to these healthcare companies is how the law regulates against privacy violations. Within the law, it states that companies data regulations have to be constructed in a way where the user’s privacy is placed first. Meaning whatever happens to the customers’ data under the companies supervision must be reported to the said customer. The controversial Equifax breach of 2017 was plagued with disputes because the company was late in relaying the news of the breach to its users. It wasn’t until the CEO and investors sold off half of their shares was when the news was made public, however, it was too late for customers to secure their assets. More than half of Equifax users privacy information was leaked and there wasn’t any way of saving it. In theory, with the new GDPR laws in place, this couldn’t happen because information on people’s private data is relayed in real-time. Obviously, there could be steps around this but GDPR is one step ahead. Not only have they instilled fear of violating these laws the law also forces companies to add GDPR representatives to their employee list. These people aren’t just there to make sure the law is intact, they also serve as whistleblowers to the public as they have the power to leak privacy concerns to victims under their own authority.
These new regulations by the GDPR are terrifying for a great latter of companies in the U.S.A. Like stated before, “in theory,” this could quite possibly end delayed breach announcements like the Equifax breach on Facebook’s Cambridge Analytica. The law gives GDPR representatives the power to announce crimes of customers privacy with the approval of the European Union, not the said company. In addition, companies could face fines upwards to 3% of their revenues if privacy concerns are detected. In practice, this will give citizens a deeper stake in their own data. However, in reality, some might say that this makes running a tech company more expensive.
Let’s be real, companies like Facebook, Twitter, and Google wouldn’t be able to break even if it wasn’t for their use of their customer’s data. Making an already daunting task of breaking even more daunting. There aren’t enough options for companies to make money as is, now they have to worry about the increased leverage that customers have. This hurdle is amongst the many different obstacles that will have to be solved in this increasing sector, and as the GDPR laws tighten. Future plans of GDPR is said to give customers even more ownership of their privacy in the future to create a world of total internet privacy.
However, it might be some years before we see something equivalent to that law being passed in the U.S.A. Under the current Trump administration who is very lenient on privacy laws, a similar law to GDPR could be close to impossible. Some speculate that European tech companies will begin focusing more on doing business in the U.S.A as their internet privacy laws become softer. Time will tell for the faith of GDPR and if we will have total internet privacy in the future thanks to GDPR.